Re: Orinoco Shared Key Problem - RE: FR and Orinoco AP2000

2003-10-09 Thread Joe Antkowiak 
What NAS-type did you specify though?

> I had to enter the macs in this format 00022d-xx.  After that it
> worked.
> Peggy
>
> Subject:  Re: Orinoco Shared Key Problem - RE: FR
> and Orinoco AP2000
> From:     "Joe Antkowiak" <[EMAIL PROTECTED]>
> To:   [EMAIL PROTECTED]
> Send reply to:[EMAIL PROTECTED]
> Date sent:Thu, 9 Oct 2003 15:36:47 -0400 (EDT)
>
>> Tried that too...  is there another one I need to use maybe?  orinoco
>> uses
>> lucent gear...  But would that cause this kind of problem?  What exactly
>> does the NAS-type make radius do differently?
>>
>>
>> > Maybe try changing your NAS type to other?
>> >
>> > --
>> > AA7C EF9F 451F E4AF EB1E 7212 BA37 2882 E813 5B02
>> > --
>> > Jay DeSotel
>> > Systems Administrator
>> > InterLink L.C.
>> > <[EMAIL PROTECTED]>
>> >
>> > On Thu, 9 Oct 2003, Joe Antkowiak wrote:
>> >
>> >> Ok, so I read a little more, and it looks like there is a problem
>> with
>> >> my
>> >> shared secret, on the orinoco side.
>> >>
>> >> I've entered and re-entered the shared secret on the orinoco AP to no
>> >> avail.  Just to make sure it works, I tried this exact config with a
>> >> cisco
>> >> AP and it works fine.
>> >>
>> >> Is there something special I have to do when getting an Orinoco AP to
>> >> talk
>> >> to freeradius, ie to/for the shared key?  What NAS type should I use?
>> >> (Would that have anything to do with this?)
>> >>
>> >> It only authenticates because I have Auth-Type := Accept set on every
>> >> mac
>> >> address user.
>> >>
>> >> -Joe
>> >>
>> >> > Hi,
>> >> >
>> >> > I'm stumped.
>> >> >
>> >> > We have a few orinico AP-2000's that we're trying to set up
>> >> mac-address
>> >> > control through radius.
>> >> >
>> >> > The authentication works fine.  The shared secrets are correct,
>> >> > everything's configured right, etc...
>> >> >
>> >> > Accounting, however, doesn't.  When freeradius 0.9.1 (and 0.9.0)
>> >> receives
>> >> > an accounting request from any AP2000, it complains that the shared
>> >> secret
>> >> > is not the same, and rejects it.
>> >> >
>> >> > Now, I've read all the e-mails I could find about this, and I've
>> tried
>> >> all
>> >> > kinds of things, and I still can't get it to work, with freeradius.
>> >> >
>> >> > On an off chance, I tried it with cistron radius instead, with
>> basicly
>> >> the
>> >> > same exact configuration, and wa-la, everything works!
>> >> >
>> >> > This is the account record that the AP sends back to radius (as
>> >> recorded
>> >> > by cistron):
>> >> > Thu Oct  9 14:06:52 2003
>> >> > User-Name = "00-0c-41-0c-f3-ea"
>> >> > Acct-Session-Id = "00-0c-41-0c-f3-ea"
>> >> > NAS-Identifier = "wolfe-ap1"
>> >> > NAS-IP-Address = 66.92.46.190
>> >> > NAS-Port = 2
>> >> > NAS-Port-Type = 19
>> >> > Acct-Authentic = RADIUS
>> >> > Acct-Status-Type = Start
>> >> > Client-IP-Address = 66.92.46.190
>> >> > Timestamp = 1065722812
>> >> > Request-Authenticator = Unverified
>> >> >
>> >> >
>> >> > I did however notice the following statistics on the orinoco:
>> >> >
>> >> > Primary Authentication Server
>> >> > Access Requests 1
>> >> > Access Accepts 1
>> >> > Access Retransmissions 3
>> >> > Access Rejects 0
>> >> > Access Challenges 0
>> >> > Malformed Access Responses 0
>> >> > Authentication Bad Authenticators 1   <<<  ?
>> >> > Timeouts 3
>> >> >
>> >> > Primary Accounting Server
>> >> > Accounting Requests 1
>> >> > Accounting Retransmissions 0
>> >> > Accounting Responses 1
>> >> > Accounting Bad Authenticators 1   <<<  ?
>> >> >
>> >> >
>> >> > And any password being passed to radius comes back in a jumbled
>> string
>> >> of
>> >> > letters and numbers, about 50 characters long.
>> >> >
>> >> >
>> >> > This is my freeradius config:
>> >> >
>> >> > clients:
>> >> > 66.92.46.190   <>
>> >> >
>> >> > clients.conf:
>> >> > client 66.92.46.190 {
>> >> > secret  = <>
>> >> > nastype = portslave
>> >> > shortname   = wolfe1-ap1
>> >> > }
>> >> >
>> >> > naslist:
>> >> > 66.92.46.190wolfe1-ap1  portslave
>> >> >
>> >> >
>> >> >
>> >> > Anyone have any ideas?  I'd really like to use freeradius, I want
>> >> mysql.
>> >> >
>> >> > Thanks in advance.
>> >> >
>> >> > -
>> >> > List info/subscribe/unsubscribe? See
>> >> > http://www.freeradius.org/list/users.html
>> >> >
>> >>
>> >>
>> >> -
>> >> List info/subscribe/unsubscribe? See
>> >> http://www.freeradius.org/list/users.html
>> >>
>> >
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Orinoco Shared Key Problem - RE: FR and Orinoco AP2000

2003-10-09 Thread Joe Antkowiak 
Tried that too...  is there another one I need to use maybe?  orinoco uses
lucent gear...  But would that cause this kind of problem?  What exactly
does the NAS-type make radius do differently?


> Maybe try changing your NAS type to other?
>
> --
> AA7C EF9F 451F E4AF EB1E 7212 BA37 2882 E813 5B02
> --
> Jay DeSotel
> Systems Administrator
> InterLink L.C.
> <[EMAIL PROTECTED]>
>
> On Thu, 9 Oct 2003, Joe Antkowiak wrote:
>
>> Ok, so I read a little more, and it looks like there is a problem with
>> my
>> shared secret, on the orinoco side.
>>
>> I've entered and re-entered the shared secret on the orinoco AP to no
>> avail.  Just to make sure it works, I tried this exact config with a
>> cisco
>> AP and it works fine.
>>
>> Is there something special I have to do when getting an Orinoco AP to
>> talk
>> to freeradius, ie to/for the shared key?  What NAS type should I use?
>> (Would that have anything to do with this?)
>>
>> It only authenticates because I have Auth-Type := Accept set on every
>> mac
>> address user.
>>
>> -Joe
>>
>> > Hi,
>> >
>> > I'm stumped.
>> >
>> > We have a few orinico AP-2000's that we're trying to set up
>> mac-address
>> > control through radius.
>> >
>> > The authentication works fine.  The shared secrets are correct,
>> > everything's configured right, etc...
>> >
>> > Accounting, however, doesn't.  When freeradius 0.9.1 (and 0.9.0)
>> receives
>> > an accounting request from any AP2000, it complains that the shared
>> secret
>> > is not the same, and rejects it.
>> >
>> > Now, I've read all the e-mails I could find about this, and I've tried
>> all
>> > kinds of things, and I still can't get it to work, with freeradius.
>> >
>> > On an off chance, I tried it with cistron radius instead, with basicly
>> the
>> > same exact configuration, and wa-la, everything works!
>> >
>> > This is the account record that the AP sends back to radius (as
>> recorded
>> > by cistron):
>> > Thu Oct  9 14:06:52 2003
>> > User-Name = "00-0c-41-0c-f3-ea"
>> > Acct-Session-Id = "00-0c-41-0c-f3-ea"
>> > NAS-Identifier = "wolfe-ap1"
>> > NAS-IP-Address = 66.92.46.190
>> > NAS-Port = 2
>> > NAS-Port-Type = 19
>> > Acct-Authentic = RADIUS
>> > Acct-Status-Type = Start
>> > Client-IP-Address = 66.92.46.190
>> > Timestamp = 1065722812
>> > Request-Authenticator = Unverified
>> >
>> >
>> > I did however notice the following statistics on the orinoco:
>> >
>> > Primary Authentication Server
>> > Access Requests 1
>> > Access Accepts 1
>> > Access Retransmissions 3
>> > Access Rejects 0
>> > Access Challenges 0
>> > Malformed Access Responses 0
>> > Authentication Bad Authenticators 1   <<<  ?
>> > Timeouts 3
>> >
>> > Primary Accounting Server
>> > Accounting Requests 1
>> > Accounting Retransmissions 0
>> > Accounting Responses 1
>> > Accounting Bad Authenticators 1   <<<  ?
>> >
>> >
>> > And any password being passed to radius comes back in a jumbled string
>> of
>> > letters and numbers, about 50 characters long.
>> >
>> >
>> > This is my freeradius config:
>> >
>> > clients:
>> > 66.92.46.190   <>
>> >
>> > clients.conf:
>> > client 66.92.46.190 {
>> > secret  = <>
>> > nastype = portslave
>> > shortname   = wolfe1-ap1
>> > }
>> >
>> > naslist:
>> > 66.92.46.190wolfe1-ap1  portslave
>> >
>> >
>> >
>> > Anyone have any ideas?  I'd really like to use freeradius, I want
>> mysql.
>> >
>> > Thanks in advance.
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FR and Orinoco AP-2000 Problem

2003-10-09 Thread Joe Antkowiak 
I'm not using mysql yet...

I have the same ssecret set the same in clients, clients.conf, and
naspasswd.  I also tried just setting it in clients.conf.

> You do have your ssecret set the same in *both* the radacctable and
> radiustbl, right?
>
> --Mike
>
>
> On Thu, 2003-10-09 at 14:24, Joe Antkowiak wrote:
>> I am using 2.3.1 =(
>>
>> AP-2000 v2.3.1(554)   Do I need a new 2.3.1 build?
>>
>> > Upgrade to firmware version 2.3.1.  It sounds like you're using
>> firmware
>> > version 2.2.2 which had the problem you describe.
>> >
>> > --Mike
>> >
>> >
>> > On Thu, 2003-10-09 at 13:16, Joe Antkowiak wrote:
>> >> Hi,
>> >>
>> >> I'm stumped.
>> >>
>> >> We have a few orinico AP-2000's that we're trying to set up
>> mac-address
>> >> control through radius.
>> >>
>> >> The authentication works fine.  The shared secrets are correct,
>> >> everything's configured right, etc...
>> >>
>> >> Accounting, however, doesn't.  When freeradius 0.9.1 (and 0.9.0)
>> >> receives
>> >> an accounting request from any AP2000, it complains that the shared
>> >> secret
>> >> is not the same, and rejects it.
>> >>
>> >> Now, I've read all the e-mails I could find about this, and I've
>> tried
>> >> all
>> >> kinds of things, and I still can't get it to work, with freeradius.
>> >>
>> >> On an off chance, I tried it with cistron radius instead, with
>> basicly
>> >> the
>> >> same exact configuration, and wa-la, everything works!
>> >>
>> >> This is the account record that the AP sends back to radius (as
>> recorded
>> >> by cistron):
>> >> Thu Oct  9 14:06:52 2003
>> >> User-Name = "00-0c-41-0c-f3-ea"
>> >> Acct-Session-Id = "00-0c-41-0c-f3-ea"
>> >> NAS-Identifier = "wolfe-ap1"
>> >> NAS-IP-Address = 66.92.46.190
>> >> NAS-Port = 2
>> >> NAS-Port-Type = 19
>> >> Acct-Authentic = RADIUS
>> >> Acct-Status-Type = Start
>> >> Client-IP-Address = 66.92.46.190
>> >> Timestamp = 1065722812
>> >> Request-Authenticator = Unverified
>> >>
>> >>
>> >> I did however notice the following statistics on the orinoco:
>> >>
>> >> Primary Authentication Server
>> >> Access Requests 1
>> >> Access Accepts 1
>> >> Access Retransmissions 3
>> >> Access Rejects 0
>> >> Access Challenges 0
>> >> Malformed Access Responses 0
>> >> Authentication Bad Authenticators 1   <<<  ?
>> >> Timeouts 3
>> >>
>> >> Primary Accounting Server
>> >> Accounting Requests 1
>> >> Accounting Retransmissions 0
>> >> Accounting Responses 1
>> >> Accounting Bad Authenticators 1   <<<  ?
>> >>
>> >>
>> >> And any password being passed to radius comes back in a jumbled
>> string
>> >> of
>> >> letters and numbers, about 50 characters long.
>> >>
>> >>
>> >> This is my freeradius config:
>> >>
>> >> clients:
>> >> 66.92.46.190   <>
>> >>
>> >> clients.conf:
>> >> client 66.92.46.190 {
>> >> secret  = <>
>> >> nastype = portslave
>> >> shortname   = wolfe1-ap1
>> >> }
>> >>
>> >> naslist:
>> >> 66.92.46.190wolfe1-ap1  portslave
>> >>
>> >>
>> >>
>> >> Anyone have any ideas?  I'd really like to use freeradius, I want
>> mysql.
>> >>
>> >> Thanks in advance.
>> >>
>> >> -
>> >> List info/subscribe/unsubscribe? See
>> >> http://www.freeradius.org/list/users.html
>> > --
>> >
>> > --Mike
>> >
>> > ---
>> > Michael Griego
>> > Wireless LAN Project Manager
>> > The University of Texas at Dallas
>> >
>> >
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
> --
>
> --Mike
>
> ---
> Michael Griego
> Wireless LAN Project Manager
> The University of Texas at Dallas
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FR and Orinoco AP-2000 Problem

2003-10-09 Thread Joe Antkowiak 
I am using 2.3.1 =(

AP-2000 v2.3.1(554)   Do I need a new 2.3.1 build?

> Upgrade to firmware version 2.3.1.  It sounds like you're using firmware
> version 2.2.2 which had the problem you describe.
>
> --Mike
>
>
> On Thu, 2003-10-09 at 13:16, Joe Antkowiak wrote:
>> Hi,
>>
>> I'm stumped.
>>
>> We have a few orinico AP-2000's that we're trying to set up mac-address
>> control through radius.
>>
>> The authentication works fine.  The shared secrets are correct,
>> everything's configured right, etc...
>>
>> Accounting, however, doesn't.  When freeradius 0.9.1 (and 0.9.0)
>> receives
>> an accounting request from any AP2000, it complains that the shared
>> secret
>> is not the same, and rejects it.
>>
>> Now, I've read all the e-mails I could find about this, and I've tried
>> all
>> kinds of things, and I still can't get it to work, with freeradius.
>>
>> On an off chance, I tried it with cistron radius instead, with basicly
>> the
>> same exact configuration, and wa-la, everything works!
>>
>> This is the account record that the AP sends back to radius (as recorded
>> by cistron):
>> Thu Oct  9 14:06:52 2003
>> User-Name = "00-0c-41-0c-f3-ea"
>> Acct-Session-Id = "00-0c-41-0c-f3-ea"
>> NAS-Identifier = "wolfe-ap1"
>> NAS-IP-Address = 66.92.46.190
>> NAS-Port = 2
>> NAS-Port-Type = 19
>> Acct-Authentic = RADIUS
>> Acct-Status-Type = Start
>> Client-IP-Address = 66.92.46.190
>> Timestamp = 1065722812
>> Request-Authenticator = Unverified
>>
>>
>> I did however notice the following statistics on the orinoco:
>>
>> Primary Authentication Server
>> Access Requests 1
>> Access Accepts 1
>> Access Retransmissions 3
>> Access Rejects 0
>> Access Challenges 0
>> Malformed Access Responses 0
>> Authentication Bad Authenticators 1   <<<  ?
>> Timeouts 3
>>
>> Primary Accounting Server
>> Accounting Requests 1
>> Accounting Retransmissions 0
>> Accounting Responses 1
>> Accounting Bad Authenticators 1   <<<  ?
>>
>>
>> And any password being passed to radius comes back in a jumbled string
>> of
>> letters and numbers, about 50 characters long.
>>
>>
>> This is my freeradius config:
>>
>> clients:
>> 66.92.46.190   <>
>>
>> clients.conf:
>> client 66.92.46.190 {
>> secret  = <>
>> nastype = portslave
>> shortname   = wolfe1-ap1
>> }
>>
>> naslist:
>> 66.92.46.190wolfe1-ap1  portslave
>>
>>
>>
>> Anyone have any ideas?  I'd really like to use freeradius, I want mysql.
>>
>> Thanks in advance.
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
> --
>
> --Mike
>
> ---
> Michael Griego
> Wireless LAN Project Manager
> The University of Texas at Dallas
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Orinoco Shared Key Problem - RE: FR and Orinoco AP2000

2003-10-09 Thread Joe Antkowiak 
Ok, so I read a little more, and it looks like there is a problem with my
shared secret, on the orinoco side.

I've entered and re-entered the shared secret on the orinoco AP to no
avail.  Just to make sure it works, I tried this exact config with a cisco
AP and it works fine.

Is there something special I have to do when getting an Orinoco AP to talk
to freeradius, ie to/for the shared key?  What NAS type should I use?
(Would that have anything to do with this?)

It only authenticates because I have Auth-Type := Accept set on every mac
address user.

-Joe

> Hi,
>
> I'm stumped.
>
> We have a few orinico AP-2000's that we're trying to set up mac-address
> control through radius.
>
> The authentication works fine.  The shared secrets are correct,
> everything's configured right, etc...
>
> Accounting, however, doesn't.  When freeradius 0.9.1 (and 0.9.0) receives
> an accounting request from any AP2000, it complains that the shared secret
> is not the same, and rejects it.
>
> Now, I've read all the e-mails I could find about this, and I've tried all
> kinds of things, and I still can't get it to work, with freeradius.
>
> On an off chance, I tried it with cistron radius instead, with basicly the
> same exact configuration, and wa-la, everything works!
>
> This is the account record that the AP sends back to radius (as recorded
> by cistron):
> Thu Oct  9 14:06:52 2003
> User-Name = "00-0c-41-0c-f3-ea"
> Acct-Session-Id = "00-0c-41-0c-f3-ea"
> NAS-Identifier = "wolfe-ap1"
> NAS-IP-Address = 66.92.46.190
> NAS-Port = 2
> NAS-Port-Type = 19
> Acct-Authentic = RADIUS
> Acct-Status-Type = Start
> Client-IP-Address = 66.92.46.190
> Timestamp = 1065722812
> Request-Authenticator = Unverified
>
>
> I did however notice the following statistics on the orinoco:
>
> Primary Authentication Server
> Access Requests 1
> Access Accepts 1
> Access Retransmissions 3
> Access Rejects 0
> Access Challenges 0
> Malformed Access Responses 0
> Authentication Bad Authenticators 1   <<<  ?
> Timeouts 3
>
> Primary Accounting Server
> Accounting Requests 1
> Accounting Retransmissions 0
> Accounting Responses 1
> Accounting Bad Authenticators 1   <<<  ?
>
>
> And any password being passed to radius comes back in a jumbled string of
> letters and numbers, about 50 characters long.
>
>
> This is my freeradius config:
>
> clients:
> 66.92.46.190   <>
>
> clients.conf:
> client 66.92.46.190 {
> secret  = <>
> nastype = portslave
> shortname   = wolfe1-ap1
> }
>
> naslist:
> 66.92.46.190wolfe1-ap1  portslave
>
>
>
> Anyone have any ideas?  I'd really like to use freeradius, I want mysql.
>
> Thanks in advance.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FR and Orinoco AP-2000 Problem

2003-10-09 Thread Joe Antkowiak 
Hi,

I'm stumped.

We have a few orinico AP-2000's that we're trying to set up mac-address
control through radius.

The authentication works fine.  The shared secrets are correct,
everything's configured right, etc...

Accounting, however, doesn't.  When freeradius 0.9.1 (and 0.9.0) receives
an accounting request from any AP2000, it complains that the shared secret
is not the same, and rejects it.

Now, I've read all the e-mails I could find about this, and I've tried all
kinds of things, and I still can't get it to work, with freeradius.

On an off chance, I tried it with cistron radius instead, with basicly the
same exact configuration, and wa-la, everything works!

This is the account record that the AP sends back to radius (as recorded
by cistron):
Thu Oct  9 14:06:52 2003
User-Name = "00-0c-41-0c-f3-ea"
Acct-Session-Id = "00-0c-41-0c-f3-ea"
NAS-Identifier = "wolfe-ap1"
NAS-IP-Address = 66.92.46.190
NAS-Port = 2
NAS-Port-Type = 19
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Client-IP-Address = 66.92.46.190
Timestamp = 1065722812
Request-Authenticator = Unverified


I did however notice the following statistics on the orinoco:

Primary Authentication Server
Access Requests 1
Access Accepts 1
Access Retransmissions 3
Access Rejects 0
Access Challenges 0
Malformed Access Responses 0
Authentication Bad Authenticators 1   <<<  ?
Timeouts 3

Primary Accounting Server
Accounting Requests 1
Accounting Retransmissions 0
Accounting Responses 1
Accounting Bad Authenticators 1   <<<  ?


And any password being passed to radius comes back in a jumbled string of
letters and numbers, about 50 characters long.


This is my freeradius config:

clients:
66.92.46.190   <>

clients.conf:
client 66.92.46.190 {
secret  = <>
nastype = portslave
shortname   = wolfe1-ap1
}

naslist:
66.92.46.190wolfe1-ap1  portslave



Anyone have any ideas?  I'd really like to use freeradius, I want mysql.

Thanks in advance.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html